Web Based SSH Client?
 

So lets say hypothetically speaking that somebody is stuck behind a pretty tight firewall at work. This person has web access via a proxy server.

Now, are their any ssh applications that can reside on somebodys webserver and be accessed via the web? I'm expecting something in java since this seems like the best choice for an application like this.

The issue is that all the ssh connections must be done on the web server; not from the client machine.

Thanks in advance.

P.S. I noticed something called MindTerm. It requires xorg for some reason. Would this work?

Mindterm wont work, if I understand your situation. Mindterm is SSH written as a Java applet. That is, a Java program is transfered to your machine, and executes on your PC giving you an SSH client. At that point, it's just an SSH client running on your machine.

In order to use any SSH client, you need an open outgoing port (any port number will do). Does your company allow telnet or FTP? If so, you can setup an SSH server on port 23 or 21, respectively, and use any SSH client.

If all outgoing ports are blocked, and only web access via proxy is available, then you are not going to be able to use SSH. You wouldn't want an SSH that runs on an intermediate web site; that's automatically a "man in the middle" attack. :)

Not if it runs on my site. I want an ssh client that I can access via my web site to connect to my server. Everything has to be done on the server.

If you have complete control over the server, and properly protect the communications (via SSL), then take a look at SSHWebProxy, or CGI-Shell, for a more generic tool. Neither is perfect, but you can at least get stuff done.

Would webmin work? You might try webmin with most of the admin stuff removed accept for the shell access(I can't remember, it might have and SSH client). Just give the person an acct on your server with just access to SSH out.

I'm not sure how the shell access in webmin is done though, it might not work through the proxy.

SSHWebProxy looks promising. I'll give it a try after work today.

Thanks.

I have the same question! I want to connect to server using ssh via http. Crashed_Again, did you try SSHWebProxy?

Nope...but I will this weekend. I need my ssh access.

Hmmm...I need to set up a "Servlet container" to use SSHWebProxy. I'm not sure how to do this so I'll look in to it.

OK- I've been looking for and working on this for weeks now, and it's getting silly.

I don't usually give up easily, but this whole process is made so much more difficult and incredibly frustrating by a complete lack of any useful documentation or information, a total lack of google search results, and the fact that I have to set up other servers with other dependencies, and most of the things I need to install don't use make or any sensible build process.

Here's the situation:
I have a cheapo (166Mhz, 46Mb RAM) headless server in my cupboard, running Slackware 9.1 (kernel 2.4.22). It provides services to the internet (web, ftp, ssh, etc). My friend regularly connects to it via ssh using putty on a windows pc directly connected to the internet. This all works fine.

However, we also want to connect to it (and run shell commands) from school. This is a problem. The only way traffic gets out to the internet from the schools LAN is via a VERY restrictive proxy server, which only allows http and, if you are lucky, ftp downloads (somehow they have disabled uploads). If it can be restricted it probably has been, so there is no socks, no tunnels and no non-http traffic outbound.

Security is very important. The only way I have of authenticating users is using passwords which isn't really a security problem- i have very few users allowed to connect to ssh and all of them have strong passwords. Obviously, however, passwords must be encrypted. Actually- the whole connection must be encrypted- as I will probably entering sensitive information on the command line.

I tried putty, but it can't get through the proxy.

I tried mindterm, but unfortunately it's just a java ssh client which is downloaded and run on the local machine- so it can't get through the proxy either.

I had a look at the CGI-Shell, but that's not encrypted, so forget it, unless you can make it secure if run through https.
I tried SSHWebProxy- and regretted it. I HATE JAVA. I wish I had never bothered trying to set it up. I prefer to compile everything from source, but could I do that with this? Nope. It uses some stupid java build environment, which doesn't work properly. I ended up installing loads of binary packages- YUK! What a mess. I did actually manage to get apache tomcat running (in standalone mode only- I want it integrated with apache), and SSHWebProxy ran in the tomcat container. Then I added one step further to the configuration to get it ready to open up to the internet and SSHWebProxy stopped working. It also takes over a minute to start and stop the thing, which is unnacceptable. This was all done while fumbling around in the dark with very little documentation and no real idea what anything was. I also have no idea whether this would be encrypted or not.

Then my friend suggested Net::SSH::Perl (why do all perl modules have double colons in their name?). So I tried to get that to work. At least the perl build process was reasonably easy, but I had to download and compile loads of dependencies manually, because the automated download and installer didn't work. Right- installed Net::SSH:Perl. Now what? From the very short documentation for it:

Now, I know absolutely no perl, and while I need to learn it, I have many other things which I need to get working before I do- especially this shell, as that will help with the other things. From the above I assume that this means that I need to write my own perl script to interface with it. I can't do that. I've looked at some of the examples, but to make things worse they don't work either!
I get:
500: Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Then in the logs I get:
usage: Net::SSH::Perl->new($host) at /home/simon/www/systemparadox/cgi-bin/remoteinteract.pl line 49
[Thu Jul 14 19:45:29 2005] [error] [client 192.168.38.3] Premature end of script headers: /home/simon/www/systemparadox/cgi-bin/remoteinteract.pl

Surely someone has written an front end for this? Much frustrating google searching returns nothing. There is nothing on the Net::SSH::Perl pages about a front end.



Sorry about the probably inconsise and not overly helpful posting, but
1. I am so peeved (I'm currently having the same frustrating lack of documentation issue with trying to set up a mail server), and
2. I don't really know what I'm talking about- seriously not helped by the total lack of documentation.
Please let me know if there is any other info I should give you.

Thankyou so much for any help
Simon

Does their proxy allow https? If so, you could try running your sshd on port 443 (https) and connecting to that with putty. Many (not all) proxy systems just pass https straight through (because of how public key cryptography works, it can't be effectively proxied, AFAIK)

Web based ssh client
 

Try This -


https://www.browsershell.com

unlimited web based ssh access to any server. 100% secure, uses SSL and they don't store any info about your server.

Very cheap - starts at $5 a month, first 5 days free!

Enjoy :-)

John.

Um, you do realize that you just replied to a three year old thread, don't you?

And so? The topic is still interesting, and this information is relevant, although I would never trust such a service.

Yves.

LOL, and now its a new thread again :-)

why wouldn't trust such a service? Its all secured through SSL and natively through SSH. So long as the web server in the middle don't store your details then its all secure.

Lets say your on a network and you can't get SSH access out on port 22, your web site has crashed and there's nothing you can do to get it back up, I'll bet you'd trust it then! ;-)